What are packet sniffers and are they good or bad?
Internet eavesdropping, network diagnostics and more
By Red Squirrel

Data is sent over a network in much the same way a courier company ships goods. If you need to send a lot of things somewhere, they may have to go in separate boxes. Internet data works the same way: a huge file, for example, is broken up into "boxes", or more precisely, packets. A packet sniffer "sniffs" these packets and records them, so when you retrieve the log you can see each packet's content. A packet has a header, carrying information such as the source, destination, ports and other details, and a body, which is the actual data being sent. The body is usually what is of interest, since it holds the actual data sent or received, such as an HTTP request.

Carnivore, the FBI's now-retired packet sniffer, concentrated mostly on email, so it would only sniff packets that were email. Carnivore also filtered the content of emails: if one contained words such as terrorism, bomb, weapons or destruction, the packet was put in a queue to be checked manually by humans to see if it was related to terrorist activity. So chances are that if you sent an email through the States with suspicious keywords in it, it was read by the FBI. If it was nothing to worry about, it was disregarded. But that only happened if the email passed through a line with a Carnivore installation on it; as far as I know it was not a 24/7 thing.

This is where packet sniffers are controversial, because they can easily be used to eavesdrop on people. The FBI was using it for a good cause, homeland security, but it could easily be abused by them or by anyone else using it. Given that they had the right to hook it up to the pipelines, they could collect quite a lot of conversations! Let's face it, the Internet is not what you should use if you are transferring something that needs to be 100% private. The safest approach is to always assume someone else may read your message before it reaches the right person. So never send out your credit card number in any form without using sophisticated encryption, such as 128-bit SSL.

Carnivore is a packet sniffer that belongs to the FBI, but there are free ones available as well. Someone could sneak one onto a library network and see what people are doing. With knowledge of a game's network code you could basically track every movement of the character of someone playing that game. The possibilities of packet sniffing are endless, and that is what makes them so exciting to use.

But are they only good for eavesdropping? Nope. They have quite a lot of positive uses, from diagnosing network problems to tracking down suspicious activity, and they can even be a good learning tool for finding out how a particular protocol works. If you want to write a browser, for example, you need to learn HTTP, so you can sniff a bunch of your own HTTP sessions and then analyze what the client sends and what the server responds with.
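As an added example (not part of the original article), here is a small Python decoder that does what the header/body description and the HTTP learning exercise above talk about: it takes a raw Ethernet/IPv4/TCP frame as a sniffer log would hold it, pulls out the source and destination addresses and ports from the headers, and labels the body as a client request or a server response. The two frames it decodes are constructed samples built in the block itself (private and documentation IP ranges, checksums left at zero), not real captures.

```python
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class Packet:           # the fields the article calls the "header", plus the "body"
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    body: bytes

def parse_frame(frame: bytes) -> Packet:
    """Split a raw Ethernet II / IPv4 / TCP frame into header fields and body."""
    if frame[12:14] != b"\x08\x00":              # EtherType 0x0800 = IPv4
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                     # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]  # IP header + TCP segment length
    if ip[9] != 6:
        raise ValueError("not a TCP segment")
    src_ip = ".".join(map(str, ip[12:16]))
    dst_ip = ".".join(map(str, ip[16:20]))
    tcp = ip[ihl:total_len]                      # drops any Ethernet padding after the segment
    src_port, dst_port = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4                # TCP header length in bytes
    return Packet(src_ip, dst_ip, src_port, dst_port, tcp[data_off:])

def classify_http(body: bytes) -> Optional[Tuple[str, str]]:
    """Label the body as an HTTP request or response and return its first line."""
    first = body.split(b"\r\n", 1)[0].decode("ascii", "replace")
    if first.startswith("HTTP/"):                # server side: status line
        return ("response", first)
    parts = first.split(" ")
    if len(parts) == 3 and parts[2].startswith("HTTP/"):   # client side: request line
        return ("request", first)
    return None                                  # not plaintext HTTP (e.g. TLS hides it)

def build_frame(payload: bytes, src: Tuple[str, int], dst: Tuple[str, int]) -> bytes:
    """Build a constructed sample frame; IP and TCP checksums are left at zero on purpose."""
    ip4 = lambda a: bytes(int(x) for x in a.split("."))
    eth = bytes.fromhex("021122334455") + bytes.fromhex("02aabbccddee") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0x4000, 64, 6, 0,
                     ip4(src[0]), ip4(dst[0]))
    tcp = struct.pack("!HHIIBBHHH", src[1], dst[1], 1, 1, 0x50, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload

CLIENT, SERVER = ("192.168.1.10", 51234), ("198.51.100.7", 80)   # constructed endpoints
REQUEST = build_frame(b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n", CLIENT, SERVER)
RESPONSE = build_frame(b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n", SERVER, CLIENT)
```

Feeding real frames from a capture of your own traffic into parse_frame is the exercise the paragraph describes; anything carried over TLS will come back from classify_http as None, which is exactly the point of encrypting it.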

Posted by Red Squirrel on February 2nd 2005 (15:40)
Well, it's not as easy as you think. You basically need to try and trick the switch into thinking it's a hub. Never done it, but I know it has to do with flooding it with a bunch of ARP packets and such. But on a typical college/school network I'm sure there's security in place to avoid this, such as filtering of these packets and whatnot.